REMARKS 

In view of the following remarks, Applicant respectfully requests 
reconsideration and allowance of the subject application. 



5 Amendments to the Claims 

Claims 1, 12, 13, 17, 23, and 27 are amended to more clearly distinguish 
processing performed by a server system from processing performed by a client 
device. 

10 Rejections to the Claims 
35 U.S.C. 103 

Claims 1-3 and 5-29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over United States Patent Application Publication No. 
2003/0061288 A1 filed by Brown et at. (herein referred to as "Brown") in view of 
15 United States Patent Application Publication No. 2002/0019844 filed by 
Kurowski et al. (herein referred to as "Kurowski"). 

Applicant's application describes a re-authentication system 
implemented on a server computer system that provides increased security 
20 without disrupting user workflow in a client-server environment. When a 
request is submitted from the client to the server, the re-authentication system 
verifies that the session is secure. If the re-authentication system cannot verify 
that the session is secure, the system persists (e.g., saves or maintains) the 
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request and directs the client to re-authenticate the session. When the client 
session is re-established, the re-authentication system directs the server to 
process the saved request, instead of requiring that the request be re-submitted 
from the client. (Application, page 2, line 25 - page 3, line 8.) Specifically, 
5 claim 1 recites a method comprising: 

establishing an authenticated session between a server and a client; 

receiving at the server, a request from the client; 

determining whether the session is still authenticated; 

in an event that the session is no longer authenticated, persisting as a 
1 0 pending request at the server, the request from the client; and 

in an event that the session is subsequently re-authenticated, the server 
processing the pending request. 



Brown teaches a method and system that provide an accessibility 
15 gateway to Internet e-mail through the use of a web intermediary server. A 
request for email from any mail server is sent from the client device to the 
intermediary server. The intermediary server retrieves the requested e-mail 
from a mail server, transcodes the server-based e-mail into a web-based e-mail 
and applies user-defined transformations to the e-mail for accessibility, which is 
20 then sent back to the client device. If the email is from a secure mail server, the 
intermediary server functions as a proxy for the user device to establish the 
requisite secure connection with the mail server. (Brown, Abstract.) 
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Kurowski teaches a highly distributed environment where very large 
computation intensive tasks are broken down into thousands of sub-tasks and 
then distributed to thousands of clients running on a variety of computers 
across the Internet. The idle CPU time of each of these thousands of client 
5 computers is used to perform these computations by running custom 
application modules in a low priority. (Kurowski, Abstract.) 

The combination of Brown and Kurowski does not teach or suggest 
"receiving at the server, a request from the client; determining whether the 
session is still authenticated; and in an event that the session is no longer 

10 authenticated, persisting as a pending request at the server, the request from 
the client," as recited in claim 1. The Office cites Brown, Fig. 4 and paragraphs 
[0028]-[0030] as teaching, "establishing an authenticated session with a client; 
receiving a request from the client; determining whether the session is still 
authenticated; and in an event that the session is authenticated, processing the 

15 client request." The Office further contends that, "re-authentication is inherently 
required in order for the request to be processed since each time a request is 
made, the server checks to see if the client is authenticated." While re- 
authentication may be required in order for the request to be processed, based 
on the description provided in Brown, it would also be required that the user re- 

20 submit the request after obtaining re-authentication because there is no 
suggestion that, "in an event that the session is no longer authenticated, 
persisting as a pending request at the server, the request from the client." 
Specifically, Brown teaches that: 
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The WAG proxy machine 1 1 receives the request for a web-based 
e-mail and authenticates the user as being authorized to use the 
service provided by proxy machine 1 1 , as illustrated in block 38. 
A query, as described in block 40, is made as to whether the user 
5 is authenticated. If not, a directive, as illustrated in block 42, is 

sent back to client device 10, typically in the form of a web 
page, requesting content for the user to log onto and/or 
register with the WAG services offered through proxy machine 
11. (Brown, paragraph [0029].) 

10 

The cited portion of Brown teaches verifying that a user is authorized to 
use services provided by a proxy machine. If the user is not authorized, then 
the user is directed to obtain authorization. Brown does not teach or suggest, 
"in an event that the session is no longer authenticated, persisting as a pending 

15 request at the server, the request from the client," as recited in claim 1 . Rather, 
Brown only teaches that if a request is received and the user is not authorized, 
then the user is directed to obtain authorization - there is no suggestion that the 
request is persisted at the server, or that obtaining the authorization will result in 
the request being processed. 

20 in fact, the Office agrees that Brown does not disclose, "in an event that 

the session is no longer authenticated, persisting the request from the client as 
a pending request." (Office Action, page 3.) The Office further contends, 
however, that Kurowski discloses storing any commands for the task server in a 
persistent queue if the network connection is down and when a connection is 

25 reestablished, go through the persistent queue and send the commands to the 
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task server that are pending there (see Kurowski, page 18, [0241]). [Office 
Action, page 3.) 

The cited portion of Kurowski teaches a client device that monitors a 
network connection, and then saves data to be transmitted when the network 
5 connection is down so that, when the network connection is re-established, the 
saved data can then be transmitted. This scenario differs from the claimed 
invention. 

Kurowski teaches storing data locally, rather than transmitting the data, 
because a network connection is down. In contrast, claim 1 recites, "receiving 

10 at the server, a request from the client; determining whether the session is still 
authenticated; and in an event that the session is no longer authenticated, 
persisting as a pending request at the server, the request from the client." 
According to claim 1, the data (e.g., a request) is transmitted from the client to 
the server, thereby enabling the "receiving at the server, a request from the 

1 5 client." Kurowski teaches that the data cannot be sent, and therefore cannot be 
received at the server, because the network connection is down. According to 
claim 1 , the request is persisted as a pending request at the server after being 
received from the client, "in an event that the session is no longer 
authenticated." This does not imply that a network connection is not available. 

20 In contrast, it implies that the network connection is (or at least was) available, 
thereby allowing the "receiving at the server, a request from the client", but that 
an authenticated session with the client is no longer authenticated. This could 
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be due, for example, to an authenticated session timing-out, and does not 
necessarily imply that a network connection is down. 

Furthermore, combining the teachings of Brown and Kurowski does not 
result in the claimed invention. Combining Brown and Kurowski results in a 
5 system in which a client device monitors a network connection; if the network 
connection is down, the client saves data to be sent to a server; when the 
network connection is available, the client sends the data to the server; when 
the server receives the data, the server determines whether or not the client is 
authorized to send the data that was sent, and if not, directs the client to obtain 

10 authorization. The combination of Brown and Kurowski does not teach or 
suggest, "receiving at the server, a request from the client; determining whether 
the session is still authenticated; in an event that the session is no longer 
authenticated, persisting as a pending request at the server, the request from 
the client," as recited in claim 1 . Accordingly, claim 1 is allowable over Brown in 

15 view of Kurowski, and Applicant respectfully requests that the 103 rejection of 
claim 1 be withdrawn. 

Claims 2, 3. and 5-11 are allowable over Brown in view of Kurowski at 
least by virtue of their dependency (direct or indirect) on claim 1 . 

20 
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Claim 12 recites a method comprising: 

establishing an authenticated session between a server and a ciinet; 
the client submitting a request to the server; 

the client receiving an indication that the session is no longer 
5 authenticated; 

the client obtaining a session re-authentication; and 
the client receiving an indication that the request has been processed, 
without resubmitting the request 



10 As described above with reference to claim 1 , the combination of Brown 

and Kurowski teaches a system in which a client device may store a request for 
later submission to a server in an event that a network connection is 
unavailable, and in which a client may be directed to obtain authentication in 
response to submitting a request when the client is not authorized to submit 

15 such a request. Neither Brown nor Kurowski, alone or in combination, teach or 
suggest , "the client submitting a request to the server; the client receiving an 
indication that the session is no longer authenticated; the client obtaining a 
session re-authentication; and the client receiving an indication that the request 
has been processed, without resubmitting the request," as recited in claim 12. 

20 Accordingly, claim 12 is allowable over Brown in view of Kurowski, and 
Applicant respectfully requests that the 1 03 rejection of claim 12 be withdrawn. 
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Claims 13, 18, 22, 23, 25, and 27 recite elements that are similar to 
those recited in claim 1 . Accordingly, for reasons similar to those stated above 
with reference to claim 1, claims 13, 18, 22, 23, 25, and 27 are also allowable 
over Brown in view of Kurowski, and Applicant respectfully requests that the 
5 103 rejection of claims 13, 18, 22, 23, 25, and 27 be withdrawn. 

Claims 14-17 are allowable over Brown in view of Kurowski at least by 
virtue of their dependency (direct or indirect) on claim 13. 

1 0 Claims 19-21 are allowable over Brown in view of Kurowski at least by 

virtue of their dependency on claim 1 8. 

Claim 24 is allowable over Brown in view of Kurowski at least by virtue of 
its dependency on claim 23. 

15 

Claim 26 is allowable over Brown in view of Kurowski at least by virtue of 
its dependency on claim 25. 

Claims 28 and 29 are allowable over Brown in view of Kurowski at least 
20 by virtue of their dependency (direct or indirect) on claim 27. 

Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Brown in view of Kurowski, and further in view of United States Patent 
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Application Publication No. 2002/0023122 filed by Polizzi et al. (herein referred 
to as "Polizzi"). 

Claim 4 recites the method of claim 2 wherein the authentication token is 
a cookie stored by the client. 
5 Poiizzi teaches a method and apparatus for processing jobs on an 

enterprise-wide computer system. The computer system uses a portal 
architecture to allow a user to view a wide variety of content retrieved from a 
variety of different computer systems. (Polizzi, Abstract.) 

The Office contends that Brown and Kurowski disclose the method of 
10 claim 2. The Office does not make any suggestion that Polizzi adds anything to 
the teachings of Brown and Kurowski with reference to claim 2. Accordingly, at 
least by virtue of its dependency on claim 2, claim 4 is allowable over Brown in 
view of Kurowski, and further in view of Polizzi, and Applicant respectfully 
requests that the 1 03 rejection of claim 4 be withdrawn. 

15 
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Conclusion 

Claims 1-29 are believed to be in condition for allowance. Applicant 
respectfully requests reconsideration and prompt issuance of the present 
application. Should any issue remain that prevents immediate issuance of the 
5 application, the Examiner is encouraged to contact the undersigned agent to 
discuss the unresolved issue. 

10 Respectfully Submitted, 



Lee & Hayes, PLLC 
421 W. Riverside Avenue, Suite 500 
Spokane, WA 99201 
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Name: Kayla D. Brant 
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